CISSP Practice Question (Domain 7: Security Operations)
During a confirmed ransomware incident, the IR team identifies that the attacker is still actively exfiltrating data through a compromised service account. The legal team requests that no systems be taken offline to preserve evidence for potential litigation. Operations wants the bleeding stopped immediately. What should the incident commander prioritize FIRST?
A. Disable the compromised service account to stop active data exfiltration
B. Isolate affected network segments while preserving system state for forensics
C. Initiate a full forensic image of all affected systems before any containment action
D. Convene an emergency meeting with legal, operations, and security to align on priorities
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group